authentik:
  global:
    env:
      - name: AUTHENTIK_SECRET_KEY
        valueFrom:
          secretKeyRef:
            name: authentik-key-secret
            key: key
      - name: AUTHENTIK_POSTGRESQL__HOST
        valueFrom:
          secretKeyRef:
            name: authentik-postgresql-17-cluster-app
            key: host
      - name: AUTHENTIK_POSTGRESQL__NAME
        valueFrom:
          secretKeyRef:
            name: authentik-postgresql-17-cluster-app
            key: dbname
      - name: AUTHENTIK_POSTGRESQL__USER
        valueFrom:
          secretKeyRef:
            name: authentik-postgresql-17-cluster-app
            key: user
      - name: AUTHENTIK_POSTGRESQL__PASSWORD
        valueFrom:
          secretKeyRef:
            name: authentik-postgresql-17-cluster-app
            key: password
  authentik:
    redis:
      host: redis-replication-authentik-master
  server:
    name: server
    replicas: 1
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
    ingress:
      enabled: false
  worker:
    name: worker
    replicas: 1
  prometheus:
    rules:
      enabled: true
  postgresql:
    enabled: false
  redis:
    enabled: false
cloudflared:
  existingSecretName: authentik-cloudflared-secret
postgres-17-cluster:
  mode: recovery
  cluster:
    storage:
      storageClass: local-path
    walStorage:
      storageClass: local-path
    monitoring:
      enabled: true
      prometheusRule:
        enabled: true
  recovery:
    method: objectStore
    objectStore:
      destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-17-cluster
      endpointURL: http://garage-main.garage:3900
      index: 1
      endpointCredentials: authentik-postgresql-17-cluster-backup-secret-garage
  backup:
    objectStore:
      - name: external
        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/authentik/authentik-postgresql-17-cluster
        index: 1
        retentionPolicy: "7d"
        isWALArchiver: false
      - name: garage-local
        destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-17-cluster
        index: 1
        endpointURL: http://garage-main.garage:3900
        endpointCredentials: authentik-postgresql-17-cluster-backup-secret-garage
        endpointCredentialsIncludeRegion: true
        retentionPolicy: "7d"
        isWALArchiver: true
      # - name: garage-remote
      #   destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-17-cluster
      #   index: 1
      #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
      #   endpointCredentials: authentik-postgresql-17-cluster-backup-secret-garage
      #   retentionPolicy: "30d"
      #   data:
      #     compression: bzip2
      #     jobs: 2
    scheduledBackups:
      - name: daily-backup
        suspend: false
        schedule: "0 0 0 * * *"
        backupName: external
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 0 0 * * *"
        backupName: garage-local
      # - name: weekly-backup
      #   suspend: false
      #   schedule: "0 0 4 * * SAT"
      #   backupName: garage-remote